Total
29896 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43635 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-02-12 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332. | ||||
| CVE-2023-30450 | 1 Redpanda | 1 Redpanda | 2025-02-12 | 4.3 Medium |
| rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | ||||
| CVE-2024-1701 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 5.3 Medium |
| A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-21486 | 1 Samsung | 1 Android | 2025-02-12 | 5.3 Medium |
| Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2025-02-12 | 5.3 Medium |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2025-02-12 | 4 Medium |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | ||||
| CVE-2023-21496 | 1 Samsung | 1 Android | 2025-02-12 | 6.1 Medium |
| Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | ||||
| CVE-2024-3460 | 1 Kioware | 1 Kioware | 2025-02-12 | 7.4 High |
| In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window. | ||||
| CVE-2025-20884 | 1 Samsung | 1 Android | 2025-02-12 | 4.6 Medium |
| Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2025-20883 | 1 Samsung | 1 Android | 2025-02-12 | 4.6 Medium |
| Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2024-3459 | 1 Kioware | 1 Kioware | 2025-02-12 | 8.4 High |
| KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges. | ||||
| CVE-2024-5245 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-11 | 7.8 High |
| NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755. | ||||
| CVE-2023-1768 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-11 | 3.7 Low |
| Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. | ||||
| CVE-2024-46948 | 1 Northern.tech | 1 Mender | 2025-02-10 | 5.3 Medium |
| Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | ||||
| CVE-2024-10941 | 1 Mozilla | 1 Firefox | 2025-02-10 | 4.3 Medium |
| A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. | ||||
| CVE-2024-20885 | 1 Samsung | 1 Android | 2025-02-10 | 5.1 Medium |
| Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission. | ||||
| CVE-2024-20884 | 1 Samsung | 1 Android | 2025-02-10 | 6.2 Medium |
| Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | ||||
| CVE-2024-20883 | 1 Samsung | 1 Android | 2025-02-10 | 6.2 Medium |
| Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | ||||
| CVE-2024-49414 | 1 Samsung | 1 Android | 2025-02-10 | 2.4 Low |
| Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. | ||||
| CVE-2023-28051 | 1 Dell | 1 Power Manager | 2025-02-10 | 7.8 High |
| Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | ||||